Accessibility Framework
Available for: macOS High Sierra 10.13.4
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: An information disclosure issue existed in Accessibility
Framework. This issue was addressed with improved memory management.
CVE-2018-4196: G. Geshev working with Trend Micro's Zero Day
Initiative, an anonymous researcher

AMD
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read issue existed that led to the
disclosure of kernel memory. This was addressed with improved input
validation.
CVE-2018-4253: shrek_wzw of Qihoo 360 Nirvan Team

apache_mod_php
Available for: macOS High Sierra 10.13.4
Impact: Issues in php were addressed in this update
Description: This issue was addressed by updating to php version
7.1.16.
CVE-2018-7584: Wei Lei and Liu Yang of Nanyang Technological
University

ATS
Available for: macOS High Sierra 10.13.4
Impact: A malicious application may be able to elevate privileges
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4219: Mohamed Ghannam (@_simo36)

Firmware
Available for: macOS High Sierra 10.13.4
Impact: A malicious application with root privileges may be able to
modify the EFI flash memory region
Description: A device configuration issue was addressed with an
updated configuration.
CVE-2018-4251: Maxim Goryachy and Mark Ermolov

Grand Central Dispatch
Available for: macOS High Sierra 10.13.4
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An issue existed in parsing entitlement plists. This
issue was addressed with improved input validation.
CVE-2018-4229: Jakob Rieck (@0xdead10cc) of the Security in
Distributed Systems Group, University of Hamburg

Hypervisor
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2018-4242: Zhuo Liang of Qihoo 360 Nirvan Team

iBooks
Available for: macOS High Sierra 10.13.4
Impact: An attacker in a privileged network position may be able to
spoof password prompts in iBooks
Description: An input validation issue was addressed with improved
input validation.
CVE-2018-4202: Jerry Decime

Intel Graphics Driver
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2018-4141: an anonymous researcher, Zhao Qixun (@S0rryMybad) of
Qihoo 360 Vulcan Team

IOFireWireAVC
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2018-4228: Benjamin Gnahm (@mitp0sh) of Mentor Graphics

IOGraphics
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4236: Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team

IOHIDFamily
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4234: Proteas of Qihoo 360 Nirvan Team

Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.4
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4249: Kevin Backhouse of Semmle Ltd.

Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: In some circumstances, some operating systems may not
expect or properly handle an Intel architecture debug exception after
certain instructions. The issue appears to be from an undocumented
side effect of the instructions. An attacker might utilize this
exception handling to gain access to Ring 0 and access sensitive
memory or control operating system processes.
CVE-2018-8897: Andy Lutomirski, Nick Peterson
(linkedin.com/in/everdox) of Everdox Tech LLC

libxpc
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4237: Samuel GroÃ? (@5aelo) working with Trend Micro's Zero
Day Initiative

Mail
Available for: macOS High Sierra 10.13.4
Impact: An attacker may be able to exfiltrate the contents of
S/MIME-encrypted e-mail
Description: An issue existed in the handling of encrypted Mail. This
issue was addressed with improved isolation of MIME in Mail.
CVE-2018-4227: Damian Poddebniak of MÃ¼nster University of Applied
Sciences, Christian Dresen of MÃ¼nster University of Applied Sciences
, Jens MÃ¼ller of Ruhr University Bochum, Fabian Ising of MÃ¼nster
University of Applied Sciences, Sebastian Schinzel of MÃ¼nster
University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj
Somorovsky of Ruhr University Bochum, JÃ¶rg Schwenk of Ruhr
University Bochum

Messages
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to conduct impersonation attacks
Description: An injection issue was addressed with improved input
validation.
CVE-2018-4235: Anurodh Pokharel of Salesforce.com

Messages
Available for: macOS High Sierra 10.13.4
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: This issue was addressed with improved message
validation.
CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd

NVIDIA Graphics Drivers
Available for: macOS High Sierra 10.13.4
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2018-4230: Ian Beer of Google Project Zero

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to read a persistent account
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4223: Abraham Masri (@cheesecakeufo)

Security
Available for: macOS High Sierra 10.13.4
Impact: Users may be tracked by malicious websites using client
certificates
Description: An issue existed in the handling of S-MIME
certificaties. This issue was addressed with improved validation of
S-MIME certificates.
CVE-2018-4221: Damian Poddebniak of MÃ¼nster University of Applied
Sciences, Christian Dresen of MÃ¼nster University of Applied Sciences
, Jens MÃ¼ller of Ruhr University Bochum, Fabian Ising of MÃ¼nster
University of Applied Sciences, Sebastian Schinzel of MÃ¼nster
University of Applied Sciences, Simon Friedberger of KU Leuven, Juraj
Somorovsky of Ruhr University Bochum, JÃ¶rg Schwenk of Ruhr
University Bochum

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to read a persistent device
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4224: Abraham Masri (@cheesecakeufo)

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to modify the state of the Keychain
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4225: Abraham Masri (@cheesecakeufo)

Security
Available for: macOS High Sierra 10.13.4
Impact: A local user may be able to view sensitive user information
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4226: Abraham Masri (@cheesecakeufo)

Speech
Available for: macOS High Sierra 10.13.4
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A sandbox issue existed in the handling of microphone
access. This issue was addressed with improved handling of microphone
access.
CVE-2018-4184: Jakob Rieck (@0xdead10cc) of the Security in
Distributed Systems Group, University of Hamburg

UIKit
Available for: macOS High Sierra 10.13.4
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A validation issue existed in the handling of text. This
issue was addressed with improved validation of text.
CVE-2018-4198: Hunter Byrnes